Tags » XSS

DirectoryBurst - XSS and caching.

First a word about disclosure and vendor response. I sent a couple of emails to DirectoryBurst about the problems in this post. Though I never heard back from them, I observed that they fixed the XSS problem described below.


Nightcap - Nov 25

NSA gadgets and The Gates Foundation are discussed in The Nightcap – Radar


Hiding Executable Javascript in Images That Pass Validation

Here’s an interesting proof-of-concept that could be useful or hazardous depending on the situation in which you encounter it. drew inspiration from the work of who has…

Security Hacks

JavaScript Tools at Scale Using Type Information

2013 and 2014 have seen the rise of JavaScript parsers that generate a consumable AST (such as Esprima or Acorn) and static analysis tools that operate on that AST (eslint, esmangle, escodegen, or graspjs).


word: nonce


Definition: (noun) The present or particular occasion. Synonyms: time being. Usage: Her tendency to discover a touch of sadness had for the nonce disappeared.

Gotham Security Daily Threat Alerts

October 17, Threatpost – (International) SAP patches DoS flaw in Netweaver. SAP released a patch for its Netweaver platform that closes a remotely exploitable denial of service (DoS) vulnerability reported by Core Security researchers in June.